Dear all
We verified the following files.We found that the setuid bit for all of them
was on.
ls -alE /bin/fomtlinc
ls -alE /bin/fomtlout
ls -alE /bin/crontab
-rwsr-xr-x --s- 2 OEDFLT 1 344064 Nov 12 2009 /bin/fomtlinc
-rwsr-xr-x --s- 2 OEDFLT 1 344064 Nov 12 2009 /bin/fomtlout
-rwsr-xr-x --s- 2 OEDFLT 1 344064 Nov 12 2009 /bin/crontab
^
setuid bit
we issued 'TSO OMVS' command again. We got the same error messages as before
When we checked the syslog,the following messages appear on the console:
(these message also appear yesterday)
ICH408I USER(IBMSE41 ) GROUP(#SPUSR ) NAME(DOMENG MENG
/etc/utmpx CL(FSOBJ ) FID(01C2D4E2D3F0F200041A000000DB0000)
INSUFFICIENT AUTHORITY TO OPEN
ACCESS INTENT(RW-) ACCESS ALLOWED(OTHER R--)
EFFECTIVE UID(0000999999) EFFECTIVE GID(0000000020)
After ' ls -l /etc/utmpx ' comand was issued, the /etc/utmpx attribution was
shown below:
-rw-r--r-- 1 BPXOINIT #SYSSTC 2288 Jun 10 21:42 /etc/utmpx
After we issued 'chmod 646 /etc/utmpx ' command and 'ls -l /etc/utmpx' comand ,
the /etc/utmpx attribution was shown now below:
-rw-r--rw-- 1 BPXOINIT #SYSSTC 2288 Jun 10 21:42 /etc/utmpx
we issued 'TSO OMVS' command again.Everything is normal.
Our questions:
When we issue 'tso lu IBMSE41 omvs' command,we get the omvs informations for
userid (IBMSE41) below:
OMVS INFORMATION
----------------
UID= 0000000000
HOME= /
PROGRAM= /bin/sh
CPUTIMEMAX= NONE
ASSIZEMAX= NONE
FILEPROCMAX= NONE
PROCUSERMAX= NONE
THREADSMAX= NONE
MMAPAREAMAX= NONE
But why EFFECTIVE UID is 0000999999 in the following messages ?
Who changed IBMSE41 from UID(0) to UID(999999)?
ICH408I USER(IBMSE41 ) GROUP(#SPUSR ) NAME(DOMENG MENG
/etc/utmpx CL(FSOBJ ) FID(01C2D4E2D3F0F200041A000000DB0000)
INSUFFICIENT AUTHORITY TO OPEN
ACCESS INTENT(RW-) ACCESS ALLOWED(OTHER R--)
EFFECTIVE UID(0000999999) EFFECTIVE GID(0000000020)
Thanks a lot!
Best Regards,
Jason Cai
发件人: David Geib
发送时间: 2010-06-12 00:25:55
收件人: IBM-MAIN
抄送:
主题: Re: EDC5113I reason code = 053501B2 in/ /etc/utmpx
Verify that these files have the setuid bit
on:
ls -alE /bin/fomtlinc
ls -alE /bin/fomtlout
-rwsr-xr-x --s- 2 SYSADM 1 344064 May 19 2009 /bin/fomtlinc
-rwsr-xr-x --s- 2 SYSADM 1 319488 May 19 2009 /bin/fomtlout
^
setuid bit
To turn the set-user-ID bit on, issue the following commands:
chmod u+s /bin/fomtlinc
chmod u+s /bin/fomtlout
Also, see (older) INFO APAR II12726, as it may explain how the setuid bit got
turned off for these files.
If the /etc file system was mounted R/O, a different rsncode would surface:
FSUM2378 The start of the session was not recorded. The slot
(in /etc/utmpx) fo
r this terminal could not be updated, or a new slot for the terminal could not b
e created.
Function = pututxline(), terminal name = '/dev/ttyp0000', program name
= '/bin/f
omtlinc', errno = 141 (X'0000008D'), reason code = 05620060, message
= 'EDC5141I
Read-only file system.'
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
